AMENDMENTS TO THE CLAIMS

This listing of claims replaces all prior versions, and listings, of claims in the application: 

Listing of Claims: 

1. (Currently Amended) In a computer network that includes different types of data
structures of one or more specific entities, a method for authorizing a requesting entity to operate 
upon data structures in a standard manner, the method comprising: 

an act of maintaining a plurality of role templates that define basic access permissions 
with respect to one or more command methods, wherein at least some of the role templates 
define the basic access permissions in a manner that is independent of the type of data structure 
being operated upon, and wherein the plurality of role templates are contained within one or
more role map documents that are each specific to a particular service;

an act of maintaining a plurality of role definitions that define access permissions for 
requesting entities by using one or more of the role templates; 

an act of receiving a request from the requesting entity to perform at least one of the
command methods, the request identifying the requesting entity;

an act of identifying a role definition corresponding to the requesting entity; and 

an act of determining access permissions for the requesting entity with respect to the 
command method using the role definition corresponding to the requesting entity.

2. (Currently Amended) A method in accordance with Claim 1, wherein the act of 
maintaining a plurality of role definitions that define access permissions for specific entities 
comprises: 

an act of the role definition corresponding to the requesting entity using at least one
access permission that is specific to the requesting entity, wherein the at least one access
permission for the requesting entity is defined by the one or more role templates that are used
by the corresponding role definition as well as the access permission that is specific to the 
requesting entity. 

3. (Original) A method in accordance with Claim 1, wherein the request includes an
identification of credentials used to authenticate the requesting entity, wherein the role definition 
corresponding to the requesting entity is identified using the credential identification, wherein 
different role definitions may apply depending on the credentials. 

4. (Original) A method in accordance with Claim 1, wherein the request identifies the 
requesting entity by identifying a user as well as a corresponding application that is making the 
request, wherein different role definitions may apply depending on both the identification of the 
user as well as the corresponding application. 

5. (Currently Amended) A method in accordance with Claim 1, wherein the act of 
maintaining a plurality of role templates that define basic access permissions comprises the 
following: 

an act of maintaining the at least one role map documents that contains all of the role
templates for a particular service.

6. (Currently Amended) A method in accordance with Claim 5, wherein the act of 
maintaining a role map document that contains all of the role templates for a particular service 
comprises the following: 

an act of defining one or more scopes that describe views on a data structure, the one or 
more scopes being defined independent of the plurality of role templates; and

an act of defining a role template by associating a method type with one of the one or 
more scopes. 

7. (Original) A method in accordance with Claim 5, wherein the act of maintaining a 
role map document that contains all of the role templates for a particular service comprises the 
following: 

an act of maintaining a role map document as a hierarchical data structure. 

8. (Original) A method in accordance with Claim 5, wherein the act of maintaining a
role map document that contains all of the role templates for a particular service comprises the 
following: 

an act of maintaining a role map document as an XML document. 

9. (Currently Amended) A method in accordance with Claim 1, wherein the act of 
maintaining a plurality of role definitions that define access permissions for specific entities by 
using one or more of the role templates comprises the following: 

an act of maintaining one or more role list documents that contains all of the role
definitions for requesting entities that may attempt to access data structures belonging to an
identity. 

10. (Previously Presented) A method in accordance with Claim 9, wherein the act of 
maintaining a role list document comprises the following: 

an act of defining a role definition by referencing a role template included in a role map 
document, the role map being distinct from the role list. 

11. (Original) A method in accordance with Claim 10, wherein the act of maintaining a 
role list document comprises the following: 

an act of maintaining a role list document as a hierarchical data structure. 

12. (Original) A method in accordance with Claim 10, wherein the act of maintaining a 
role list document comprises the following: 

an act of maintaining a role list document as an XML document. 

13. (Original) A method in accordance with claim 1, wherein the act of receiving a 
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to insert a portion into the data 
structure. 

14. (Original) A method in accordance with claim 1, wherein the act of receiving a
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to delete a portion from the data 
structure. 

15. (Original) A method in accordance with claim 1, wherein the act of receiving a
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to update a portion of the data 
structure. 

16. (Original) A method in accordance with claim 1, wherein the act of receiving a 
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to replace a portion of the data 
structure. 

17. (Original) A method in accordance with claim 1, wherein the act of receiving a 
request from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to query regarding a portion of the 
data structure. 

18. (Original) A method as recited in Claim 1, wherein the one or more command 
methods comprise a set including insert, delete, query, update, and replace. 

19. (Original) A method as recited in Claim 1, wherein the data structure represents in- 
box information. 

20. (Original) A method as recited in Claim 1, wherein the data structure represents
calendar information. 



21. (Original) A method as recited in Claim 1, wherein the data structure represents
document information.



22. (Original) A method as recited in Claim 1, wherein the data structure represents 
notification information. 



23. (Original) A method as recited in Claim 1, wherein the data structure represents 
content information. 



24. (Original) A method as recited in Claim 1, wherein the data structure represents role 
list information. 



25. (Original) A method as recited in Claim 1, wherein the data structure represents 
system information. 



26. (Original) A method as recited in Claim 1, wherein the act of identifying a role 
definition corresponding to the requesting entity comprises: 

an act of identifying the role definition by searching a database. 

27. (Original) A method as recited in Claim 1, wherein the act of identifying a role 
definition corresponding to the requesting entity comprises: 

an act of identifying the role definition based on authorized role information provided 
within the request. 

28. (Original) A method as recited in Claim 27, wherein the authorized role information 
includes an identification of a role template. 

29. (Original) A method as recited in Claim 28, wherein the authorized role information
further includes an identification of at least one refined, local scope for modifying the role 
template. 



30. (Cancelled). 

31. (Currently Amended) In a computer network that includes different types of data
structures of one or more specific entities, a method for authorizing a requesting entity to operate
upon data structures in a standard manner, the method comprising: 

an act of maintaining a number of role templates within one or more role map documents
that are specific to a particular service, the role templates that define basic access
permissions with respect to a number of command methods, wherein at least some of the role 
templates define the basic access permissions in a manner that is independent of the type of data 
structure being operated upon; and 

a step for authorizing a requesting entity using the role templates in a manner that is 
independent of the type of data structure being accessed. 

32. (Previously Presented) A method in accordance with Claim 31, wherein the step 
for authorizing a requesting entity using the role templates comprises the following: 

an act of maintaining a plurality of role definitions that define access permissions for 
receiving entities by using one or more of the role templates; 

an act of receiving a request from the requesting entity to perform at least one of the 
command methods, the request identifying the requesting entity; 

an act of identifying a role definition corresponding to the requesting entity; and 

an act of determining access permissions for the requesting entity with respect to the 
command method using the role definition corresponding to the requesting entity. 

33. (Previously Presented) A method as recited in Claim 31, wherein the act and step
are performed by computer-executable instructions embodied within a physical computer- 
readable medium. 

34. (Currently Amended) A computer program product for use in a computer network
that includes different types of data structures of one or more specific entities, the computer 
program product for implementing a method for authorizing a requesting entity to operate upon 
data structures in a standard manner, the computer program product comprising one or more 
physical computer-readable media have stored thereon the following: 

computer-executable instructions for maintaining a plurality of role templates that define 
basic access permissions with respect to one or more command methods, wherein at least some 
of the role templates define the basic access permissions in a manner that is independent of the 
type of data structure being operated upon, and wherein the plurality of role templates are
contained within one or more role map documents that are specific to a particular service;

computer-executable instructions for maintaining a plurality of role definitions that define 
access permissions for receiving entities by using one or more of the role templates; 

computer-executable instructions for detecting the receipt of a request from the 
requesting entity to perform at least one of the command methods, the request identifying the 
requesting entity; 

computer-executable instructions for identifying a role definition corresponding to the 
requesting entity; and 

computer-executable instructions for determining access permissions for the requesting
entity with respect to the command method using the role definition corresponding to the 
requesting entity. 

35. (Previously Presented) A computer program product as recited in Claim 31, 
wherein the one or more physical computer-readable media are storage media. 

36. (Currently Amended) In a computer network that includes different services,
applications, and an authorization station, the applications submitting requests to perform 
operations on different data structures managed by the different services, a system for isolating 
the authorization process from the services so that the services need not independently authorize 
each request they receive from the number of applications, the system comprising: 

a plurality of services, each service configured to facilitate operations on one or more 
types of data structures; 

an authorization station configured to receive requests from a number of applications to 
operate upon data structures managed by any of the number of services, the authorization station 
configured to perform the following: 

receive a request from a requesting entity to perform a target operation upon a 
target data structure managed by a target service; 

access a role template that defines basic authorizations with respect to one or 
more operations, including at least the target operation, wherein the role template defines 
the basic authorizations in a manner that is independent of the target data structure 
desired to be operated upon, and wherein the role template is contained within a role map
document that is specific to one of the plurality of services;

determine that the corresponding requesting entity is authorized to perform the 
target operation on the target data structure; and 

communicate to the target service that the requesting entity is authorized to 
perform the target operation on the target data structure. 



37. (Currently Amended) A method as recited in Claim 1, wherein the act of 
maintaining a plurality of role definitions that define access permissions for requesting entities 
by using one or more of the role templates comprises the following: 

an act of maintaining a plurality of role definitions for the requesting entity, wherein at 
least one of the plurality of role definitions corresponds to a plurality of authentication methods.

38. (Currently Amended) A method as recited in Claim 1, wherein the act of
identifying a role definition corresponding to the requesting entity comprises the following: 

an act of referencing a role template; and 

an act of maintaining one or more refined scopes for refining a scope referenced in the
role template, wherein the one or more refined scopes are independent of the role template and
refinement occurs at a user level, and wherein the scope referenced in the role template indicates
what portions of a data structure are visible to a role definition for a particular command method.

39. (Previously Presented) A method as recited in Claim 1, wherein the act of 
determining access permissions for the requesting entity with respect to the command method 
using the role definition corresponding to the requesting comprises the following: 

an act of determining access permissions below the data structure level. 

40. (New) A method as recited in Claim 9, wherein each of the one or more role list 
documents are specific to a particular requesting entity. 
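
The following sketch is an added illustration, not part of the claim listing or the application. It walks through the authorization flow recited in Claims 1, 4, 6, 10, 29 and 39: a role map holding scopes and role templates, a role list whose role definitions reference those templates, and a decision made below the data structure level. All names are hypothetical, and modelling a scope as a set of field names and a refined scope as narrow-only are assumptions made for the example.

```python
# Added illustration; every name below is hypothetical, not taken from the claims.
METHODS = {"insert", "delete", "query", "update", "replace"}

# Role map (one per service): scopes are defined independently of the role
# templates; a role template associates each permitted method with a scope.
ROLE_MAP = {
    "scopes": {"all": None, "public": {"subject", "start"}},  # None = whole structure
    "templates": {
        "owner": {m: "all" for m in METHODS},
        "viewer": {"query": "public"},
    },
}

# Role list (per identity): role definitions keyed by user, application and
# credential type; each references a template and may carry a refined scope.
ROLE_LIST = {
    ("alice", "calendar-app", "password"): {"template": "owner"},
    ("bob", "calendar-app", "password"): {"template": "viewer",
                                          "refined_scope": {"subject"}},
}

# Constructed sample data structures of two different types.
CALENDAR_ENTRY = {"subject": "Review", "start": "09:00", "notes": "private"}
INBOX_MESSAGE = {"subject": "Hi", "body": "text"}

def visible_fields(user, app, credential, method, record):
    """Return the fields the requester may operate on, or None if denied."""
    if method not in METHODS:
        return None
    role = ROLE_LIST.get((user, app, credential))
    if role is None:
        return None                      # no role definition: default deny
    scope_name = ROLE_MAP["templates"][role["template"]].get(method)
    if scope_name is None:
        return None                      # template grants nothing for this method
    scope = ROLE_MAP["scopes"][scope_name]
    allowed = set(record) if scope is None else scope & set(record)
    refined = role.get("refined_scope")
    if refined is not None:
        allowed &= refined               # assumption: refinement only narrows
    return allowed
```

The same templates decide access to the calendar entry and the inbox message, because neither the scopes nor the templates name a data structure type.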